Known Vulnerabilities for products from Espressif
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Espressif".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Espressif can be found at device.report : Espressif
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46532 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an ... | Not Provided | 2026-06-10 | 2026-06-11 |
| CVE-2026-45542 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a h... | Not Provided | 2026-06-10 | 2026-06-11 |
| CVE-2026-45541 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a N... | Not Provided | 2026-06-10 | 2026-06-11 |
| CVE-2026-45329 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-se... | Not Provided | 2026-06-10 | 2026-06-11 |
| CVE-2026-45328 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exp... | Not Provided | 2026-06-10 | 2026-06-11 |
| CVE-2026-45160 json | ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, a... | Not Provided | 2026-06-10 | 2026-06-11 |
| CVE-2026-44358 json | Not Provided | 2026-05-28 | 2026-05-30 | |
| CVE-2026-42855 json | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior t... | Not Provided | 2026-05-12 | 2026-05-15 |
| CVE-2026-42854 json | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior t... | Not Provided | 2026-05-12 | 2026-05-18 |
| CVE-2026-41429 json | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior t... | Not Provided | 2026-04-24 | 2026-05-05 |
| CVE-2023-46894 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2023-11-09 | 2023-11-15 |
| CVE-2023-35818 json | An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with ... | 6.8 - MEDIUM | 2023-07-17 | 2023-07-28 |
| CVE-2022-24893 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-06-25 | 2022-07-08 |
| CVE-2021-41104 json | ESPHome is a system to control the ESP8266/ESP32. Anyone with web_server enabled and HTTP basic auth configured on version 20... | 7.5 - HIGH | 2021-09-28 | 2021-10-07 |
| CVE-2021-34173 json | An attacker can cause a Denial of Service and kernel panic in v4.2 and earlier versions of Espressif esp32 via a malformed be... | 7.5 - HIGH | 2021-07-14 | 2021-07-27 |
| CVE-2021-28139 json | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly restrict the Feature Page upon re... | 8.8 - HIGH | 2021-09-07 | 2021-09-09 |
| CVE-2021-28136 json | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of multiple ... | 6.5 - MEDIUM | 2021-09-07 | 2021-09-09 |
| CVE-2021-28135 json | The Bluetooth Classic implementation in Espressif ESP-IDF 4.4 and earlier does not properly handle the reception of continuou... | 6.5 - MEDIUM | 2021-09-07 | 2022-07-12 |
| CVE-2020-16146 json | Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through ... | 7.5 - HIGH | 2021-01-12 | 2021-01-20 |
| CVE-2020-13595 json | The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the... | 6.5 - MEDIUM | 2020-08-31 | 2020-09-08 |
Known software with vulnerabilities from Espressif
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Espressif | Arduino-esp32 | - |
| Application | Espressif | Arduino Esp8266 | 2.0.0 |
| Application | Espressif | Esp-idf | 0.9 |
| Hardware | Espressif | Esp32 | - |
| Hardware | Espressif | Esp32-d0wd | - |
| Operating System | Espressif | Esp32-d0wd Firmware | - |
| Hardware | Espressif | Esp32-d2wd | - |
| Operating System | Espressif | Esp32-d2wd Firmware | - |
| Hardware | Espressif | Esp32-pico-d4 | - |
| Operating System | Espressif | Esp32-pico-d4 Firmware | - |
| Hardware | Espressif | Esp32-s0wd | - |
| Operating System | Espressif | Esp32-s0wd Firmware | - |
| Application | Espressif | Esp8266 Nonos Sdk | 2.0.0 |
| Application | Espressif | Esp8266 Rtos Sdk | - |